Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

31965763c2...27.exe

windows7-x64

10

31965763c2...27.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31965763c2f104608614e8df20a07fb1f40746e531d88c2f0b54f919b5f81c27.exe

  • Size

    760KB

  • Sample

    241124-fn8ynavpfy

  • MD5

    878c1cce63fd9ac1b5008cde30742a01

  • SHA1

    8c264e6d1f766aa29cb1c0428fcf2aa1feaf8049

  • SHA256

    31965763c2f104608614e8df20a07fb1f40746e531d88c2f0b54f919b5f81c27

  • SHA512

    932bbc36ef62a3704c2047e03eb874b21571c83b6c23dbf33f734503fdd85f21916f05ab0603abf9fa9f41aed09b83cf4440682ff47fb9e5abd01f56bf61591e

  • SSDEEP

    12288:wa8UpA6qRSE8+JfIEF/WAK6zPmnWutMIaQ3tCHi25dGgxoJtMbcdMkuvMNptn0Uf:WVpK6z+ni89CHrvUMbcvaEqRZGl

Score
10/10
agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.vivaldi.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    K@maR1-2019Hotelss

Targets

    • Target

      31965763c2f104608614e8df20a07fb1f40746e531d88c2f0b54f919b5f81c27.exe

    • Size

      760KB

    • MD5

      878c1cce63fd9ac1b5008cde30742a01

    • SHA1

      8c264e6d1f766aa29cb1c0428fcf2aa1feaf8049

    • SHA256

      31965763c2f104608614e8df20a07fb1f40746e531d88c2f0b54f919b5f81c27

    • SHA512

      932bbc36ef62a3704c2047e03eb874b21571c83b6c23dbf33f734503fdd85f21916f05ab0603abf9fa9f41aed09b83cf4440682ff47fb9e5abd01f56bf61591e

    • SSDEEP

      12288:wa8UpA6qRSE8+JfIEF/WAK6zPmnWutMIaQ3tCHi25dGgxoJtMbcdMkuvMNptn0Uf:WVpK6z+ni89CHrvUMbcvaEqRZGl

    Score
    10/10
    agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks